Texas orthopedic clinic CoPilot are just now informing their patients that their protected health information may have been exposed in a 2015 CoPilot data breach. In October 2015, an online portal managed by CoPilot Provider Support Services was accessed by an...
PeaceHealth: Former Employee Accessed Private Data for Over Six Years
A Catholic health system based in Vancouver, WA PeaceHealth, has revealed discovered that a former member of staff had accessed the medical history of almost 2,000 patients without any an adequate work reason. The unauthorized and inappropriate access was found by...
21,856 Individuals Have Data Breached After Attack on HIPAA Business Associate
Nebraska-based CBS Consolidated Inc., operating as Cornerstone Business & Management Solutions, completed a routine audit of system logs on July 10, 2017 and discovered a seemingly strange account on their servers. This case further highlights the importance of...
Dark OverLord Group Attacked SMART Physical Therapy
Hacking group TheDarkOverlord, after an apparent period of inactivity, has claimed responsibility for another successful attack on a U.S. healthcare supplier. This time the victim was Mass-based SMART Physical Therapy (SMART PT). The announcement of the data theft...
Mercy Health Love County Hospital Breach: Private Data of Almost 13k People Under Threat After
A HIPAA violation at Mercy Health Love County Hospital may have exposed the private information of in excess pf 13,000 patients in Oklahoma. On June 23, 2017, the health centre found that a member of staff employee had stolen a laptop computer and paper records from a...
Huge HIPAA Settlement Due to Unencrypted Data on Laptop
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has just received a joint settlement of $1,975,220 for the potential breaches of HIPAA arising following the theft of a laptop storing unencrypted ePHI data. The failure to adhere to the...
AETNA Facing Legal Action for Patient HIV Status Breach
Aetna is facing a class action lawsuit following a privacy breach that saw the HIV positive status of up to 12,000 individuals disclosed against the patients' wishes. The individuals names and addresses were visible during a recent mail distribution when details of...
Hurricane Harvey Disaster Zone Partial Waiver Issued by HHS
In a release yesterday, HHS Secretary Tom Price stated that OCR will waive sanctions and financial penalties for specific Privacy Rule violations against hospitals in the Hurricane Harvey disaster area. This waiver is only applicable to the provisions of the...
DHS Warns Healthcare Organizations of Vulnerabilities in Siemens Medical Imaging Devices
The Department of Homeland Security has issued an alert over vulnerabilities in Siemens medical imaging devices. The vulnerabilities could be exploited remotely and attacks would require only a low level of skill. Exploits are publicly available that could allow...
Industry Leaders Declare Support for Medical Device Cybersecurity Act
The Medical Device Cybersecurity Act introduced by Connecticut Senator Richard Blumenthal last week is intended to improve the security of medical devices by making it harder for the devices to be hacked. If the legislation is passed, medical device manufacturers will...
KPMG Survey Confirms Increase in HIPAA Data Breaches in the Past 2 Years
KPMG has published the findings of its recent Cyber Healthcare & Life Sciences Survey. The survey was conducted on 100 individuals with responsibility for information security at healthcare providers and payers with annual revenues in excess of $500 million. The...
HITRUST Launches Program to Improve Healthcare Risk Management and Cybersecurity
HITRUST has announced it is embarking on a new Community Extension Program to reach out to healthcare organizations to provide advice on best practices to adopt to improve cybersecurity. The new program will enable HITRUST to discuss cybersecurity issues with...
Only 5% of Healthcare Organizations Use Risk Management Software
A recent survey conducted by risk management software vendor Netwrix has revealed only 5% of healthcare organizations are using software for risk management and security governance. Additionally, only 32% of healthcare organizations said they had a separate...
OCR Warns of Risks from Cloud Computing and File Sharing Tools
The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a reminder to all covered entities and business associates of the possible risks associated with file sharing and collaboration tools, outlining the dangers these services can...
The 2016 Cost of Data Breach Study: A Summary
The Ponemon Institute has conducted an annual benchmark study on the cost of data breaches for the last decade. Their 2016 Cost of Data Breach Study was published by the Institute earlier this week. The overall report shows the cost of breach resolution has continued...
HIPAA to be Updated to Cover Texting, Social Media and Transparency in Investigatory Methods
At the Healthcare Information and Management Systems Society’s 2017 conference-HIMSS17-OCR’s Deven McGraw released some new information on the HIPAA guidance OCR expects to release in 2017. Last year, the Joint Commission lifted the ban on the use of text messages for...
Summary of Healthcare Data Breaches in 2016
Although the total number of healthcare data breaches reported in 2016 is an order of magnitude lower than the number seen in 2015, there was a significant increase in the number of covered entities (CEs) that reported breaches. There were 16,471,765 recorded breaches...
33% of Hospitals Do Not Have HIPAA-Compliant EHR Contingency Plans
In a recent report released by the Department of Health and Human Services’ Office of Inspector General, a third of hospitals do not have sufficient HIPAA-compliant EHR contingency plans in place, although the majority are “largely addressing” HIPAA requirements for...
June 2016 Sees Massive Healthcare Data Breach
In recent years, there has been a substantial increase in the number of cyberattacks on healthcare organizations with the aim of obtaining PHI. It has proven profitable for hackers to conduct attacks on healthcare organizations and sell the data on the black...
Snapchat Video Posting Gets Nursing Assistant Fired
A nursing assistant from the Parkside Manor assisted-living center in Kenosha, WI., has been fired from her job for recording a video of a practically naked 93-year-old Alzheimer’s patient and sharing it on Snapchat. Recently an unwelcome trend has emerged involving...
Improper PHI Disposal Leads Allina Health System to Alert 6,000
The Allina Health System Minneapolis Isles clinic has notified around 6,000 patients of a breach of their Protected Health Information (PHI). The clinic, located at 2800 Hennepin Avenue, found instances of improper PHI disposal had occurred after documents including...
Lahey Hospital Reach Settlement with OCR
Following a data breach that occurred back in 2011, the HHS has revealed that Lahey Hospital and Medical Center has agreed to settle a case with the Office for Civil Rights (OCR) over alleged HIPAA violations for $850,000. Lahey Hospital and Medical Center has agreed...
Conn. OIG Reaches $90K Settlement over 2012 Laptop Theft
Following the 2012 theft of a laptop computer containing the unencrypted data of 8,883 Connecticut residents, Hartford Hospital - and one of its Business Associates, EMC Corporation (EMC) - have agreed to a settlement with the Connecticut Office of the Inspector...
Small Dental Practices HIPAA Compliance Tool Released
Being compliant with HIPAA Privacy and Security Rules can be a challenge for all organizations, regardless of size. However, smaller healthcare providers tend to have more issues. Budgets tend to be tighter, and a lack of suitable staff means progress is slow. This...
Lack of Skilled Staff Means Cybersecurity Services are Being Outsourced
A lack of a appropriate workforce with appropriate skills to improve cybersecurity defenses is leading many CISOs and CIOs to look outside their organizations for assistance. Businesses and healthcare suppliers are now increasingly hiring third party consultants and...
23rd National HIPAA Summit Next Week
Government department heads and industry leaders will be attending the 23rd National HIPAA Summit to give updates on the work that has been completed in the last year and to provide information on new legislation and regulations. The summit also offers the chance for...
Legislative Changes Covering Big Data Proposed by Federal Advisers
The Health IT Policy Committee’s Privacy and Security Workgroup has been reviewing a number of Big Data issues affecting the privacy and security of patients after two public hearings conducted by the organization in December 2014. The focus the working group to make...
Free Healthcare Communications Webinar to be Presented by TigerText
TigerText has revealed it will be presenting a free healthcare communications webinar in which former HHS regulator Adam Greene will be speaking about best practices for introducing a HIPAA-compliant mobile communications strategy. “Ask the Experts: Tips for a HIPAA...
Report Reveals Biggest Causes of PHI Exposure
Veriphyr Identity and Access Intelligence has recently published a report into what causes the greatest threat to exposure of Protected Health Information (PHI). The study found that the theft of mobile devices may result in the largest exposures of PHI, however, the...
Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.
COMPREHENSIVE HIPAA TRAINING
Used in 1000+ Healthcare Organizations and 100+ Universities
Privacy is key to everything that we do at J Flowers Health Institute. We require the highest data privacy standards in our daily operations between our team members and patients. The HIPAA compliance and cyber security training we provide to our teams with ComplianceJunction creates enormous value for our organization.
Kevin DeLoach
Chief Operating Officer
J. Flowers Health Institute